In recent years, the importance of an access control technology for controlling an action (a behavior) with respect to specific information or processing based on authority information is growing. As such a technology, there is, e.g., access control adopting an action propriety format.
As the access control adopting the action propriety format, there is, e.g., a method which determines that authority information for a document file has a security attribute. In this method, the authority information for the document file is written in an action propriety format, e.g., “view permit” or “edit permit”. This type of authority information is known as an access control matrix or an access control list. For example, there has been disclosed a method for setting authority information (a rule) to a document file as a security container.
However, in the access control adopting the action propriety format, it is difficult to write conditions such as an access time or an access location to be permitted or flexible access control contents such as a detailed function limit.
Therefore, there has been utilized access control adopting not only the action propriety format but also an access control policy format. The access control policy is a set of access control rules, and a standard descriptive specification is disclosed. In the access control policy, allowable conditions or a detailed function limit can be described. Therefore, in the access control adopting the access control policy format, when an access request for information is accepted, for example, whether a file can be opened is judged, and then control, e.g., limiting to a function described in the access control policy is enabled. Such a technology is generally also called digital rights management.
Further, in the access control policy format, as one aspect of allowable conditions, clearly specifying authority for replicating information or the number of times that replication can be performed is known. When such conditions are applied to information, replication of the information can be limited. For example, when conditional information in which the number of times that replication can be performed is specified is applied to electronic information, replication of the information is explicitly limited.
In the above-described technology, application based on each specific media type alone, e.g., electronic information alone is assumed, replication control when information is distributed beyond various media types is not performed.